Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
5.6.2, 5.8.0
-
None
-
Ubuntu 16.10
-
90e0c6693 (dev), df485fff2 (dev), 617114171 (6.6), 7ae5b002d (6.6), e8e8e1082 (dev), 7864dcbe4 (6.6), cff1c12ec (dev), 2fd12c03c (6.6)
-
Foundation Sprint 88, Foundation Sprint 89
Description
The example below crashes intermittently with what appears to be a heap corruption. The stack trace obtained from the distilled example tends to fail in QFreeList, but crashes encountered in the wild are just as likely to fail in malloc.
#include <QCoreApplication>
#include <QDBusConnection>
#include <QDBusMessage>
#include <QDBusPendingCallWatcher> // not used by the reproducer below
#include <QDebug>

// Minimal reproducer for the intermittent crash reported above (memory-safety
// defect, reported as heap corruption; versions 5.6.2 / 5.8.0 per the report).
// It fires ten asynchronous "ListNames" calls at the session bus and prints
// whether each one has already finished. No event loop is ever run: main()
// returns immediately after the loop, so QCoreApplication is destroyed while
// the calls may still be in flight on the "QDBusConnection" worker thread.
// The attached backtrace shows that thread still dispatching a queued
// QDBusConnectionPrivate::sendInternal() and registering a timeout timer when
// it dereferences a null timer-id free list (QFreeList::next, this=0x0) —
// presumably a Qt global static that has already been torn down; confirm
// against the fix commits listed under Details.
int main(int argc, char *argv[])
{
    QCoreApplication application(argc, argv);
    for (int i = 0; i < 10; ++i) {
        // `call` is a block-scoped handle: it is destroyed at the end of each
        // iteration even though nothing ever waits for, or watches, the reply.
        QDBusPendingCall call(QDBusConnection::sessionBus().asyncCall(
            QDBusMessage::createMethodCall(
                "org.freedesktop.DBus", "/org/freedesktop/DBus",
                "org.freedesktop.DBus", "ListNames")));
        // Only observes the state at this instant; the reply is not awaited.
        qDebug() << "finished?" << call.isFinished();
    }
    // No application.exec(): returning here starts application teardown while
    // the D-Bus connection thread may still be processing the queued sends,
    // which is the window in which the crash is observed.
}
Thread 2 "QDBusConnection" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff29aa700 (LWP 10333)] 0x00007ffff780a465 in std::__atomic_base<int>::load (this=0x30, __m=std::memory_order_relaxed) at /usr/include/c++/6/bits/atomic_base.h:396 396 return __atomic_load_n(&_M_i, __m); (gdb) bt #0 0x00007ffff780a465 in std::__atomic_base<int>::load (this=0x30, __m=std::memory_order_relaxed) at /usr/include/c++/6/bits/atomic_base.h:396 #1 0x00007ffff78097c9 in QAtomicOps<int>::load<int> (_q_value=...) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/arch/qatomic_cxx11.h:227 #2 0x00007ffff7808a5c in QBasicAtomicInteger<int>::load (this=0x30) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/thread/qbasicatomic.h:102 #3 0x00007ffff7a931cd in QFreeList<void, QtTimerIdFreeListConstants>::next (this=0x0) at ../../include/QtCore/5.8.0/QtCore/private/../../../../../../../../../depot/qt/qtbase/src/corelib/tools/qfreelist_p.h:240 #4 0x00007ffff7a92b46 in QAbstractEventDispatcherPrivate::allocateTimerId () at qt/qtbase/src/corelib/kernel/qabstracteventdispatcher.cpp:93 #5 0x00007ffff7a92ceb in QAbstractEventDispatcher::registerTimer (this=0x7fffec0008c0, interval=25000, timerType=Qt::CoarseTimer, object=0x7fffec0032f0) at qt/qtbase/src/corelib/kernel/qabstracteventdispatcher.cpp:258 #6 0x00007ffff7ad8010 in QObject::startTimer (this=0x7fffec0032f0, interval=25000, timerType=Qt::CoarseTimer) at qt/qtbase/src/corelib/kernel/qobject.cpp:1646 #7 0x00007ffff7f579ce in qDBusAddTimeout (timeout=0x7fffec004190, data=0x7fffec0032f0) at qt/qtbase/src/dbus/qdbusintegrator.cpp:156 #8 0x00007ffff69d548d in ?? 
() from /lib/x86_64-linux-gnu/libdbus-1.so.3 #9 0x00007ffff69bfe82 in dbus_connection_send_with_reply () from /lib/x86_64-linux-gnu/libdbus-1.so.3 #10 0x00007ffff7f570f7 in q_dbus_connection_send_with_reply (connection=0x7fffec00dc40, message=0x7fffec00f7b0, pending_return=0x7ffff29a94d0, timeout_milliseconds=-1) at qt/qtbase/src/dbus/qdbus_symbols_p.h:210 ---Type <return> to continue, or q <return> to quit--- #11 0x00007ffff7f626a6 in QDBusConnectionPrivate::sendInternal (this=0x7fffec0032f0, pcall=0x555555772260, message=0x7fffec00f7b0, timeout=-1) at qt/qtbase/src/dbus/qdbusintegrator.cpp:2168 #12 0x00007ffff7f7432d in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2>, QtPrivate::List<QDBusPendingCallPrivate*, void*, int>, void, void (QDBusConnectionPrivate::*)(QDBusPendingCallPrivate*, void*, int)>::call (f= (void (QDBusConnectionPrivate::*)(QDBusConnectionPrivate * const, QDBusPendingCallPrivate *, void *, int)) 0x7ffff7f6255a <QDBusConnectionPrivate::sendInternal(QDBusPendingCallPrivate*, void*, int)>, o=0x7fffec0032f0, arg=0x555555771a30) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:143 #13 0x00007ffff7f739d9 in QtPrivate::FunctionPointer<void (QDBusConnectionPrivate::*)(QDBusPendingCallPrivate*, void*, int)>::call<QtPrivate::List<QDBusPendingCallPrivate*, void*, int>, void> (f= (void (QDBusConnectionPrivate::*)(QDBusConnectionPrivate * const, QDBusPendingCallPrivate *, void *, int)) 0x7ffff7f6255a <QDBusConnectionPrivate::sendInternal(QDBusPendingCallPrivate*, void*, int)>, o=0x7fffec0032f0, arg=0x555555771a30) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:162 #14 0x00007ffff7f71e12 in QtPrivate::QSlotObject<void (QDBusConnectionPrivate::*)(QDBusPendingCallPrivate*, void*, int), QtPrivate::List<QDBusPendingCallPrivate*, void*, int>, void>::impl (which=1, this_=0x7fffec0044f0, r=0x7fffec0032f0, a=0x555555771a30, ret=0x0) at 
../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/kernel/qobject_impl.h:120 #15 0x00007ffff7ae15b1 in QtPrivate::QSlotObjectBase::call (this=0x7fffec0044f0, r=0x7fffec0032f0, a=0x555555771a30) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/kernel/qobject_impl.h:101 #16 0x00007ffff7ad620b in QMetaCallEvent::placeMetaCall (this=0x555555771ca0, object=0x7fffec0032f0) at qt/qtbase/src/corelib/kernel/qobject.cpp:500 ---Type <return> to continue, or q <return> to quit--- #17 0x00007ffff7ad7427 in QObject::event (this=0x7fffec0032f0, e=0x555555771ca0) at qt/qtbase/src/corelib/kernel/qobject.cpp:1263 #18 0x00007ffff7a98f32 in QCoreApplicationPrivate::notify_helper (receiver=0x7fffec0032f0, event=0x555555771ca0) at qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1122 #19 0x00007ffff7a98b5a in doNotify (receiver=0x7fffec0032f0, event=0x555555771ca0) at qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1063 #20 0x00007ffff7a98a0c in QCoreApplication::notifyInternal2 (receiver=0x7fffec0032f0, event=0x555555771ca0) at qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:987 #21 0x00007ffff7a9cdd8 in QCoreApplication::sendEvent (receiver=0x7fffec0032f0, event=0x555555771ca0) at ../../include/QtCore/../../../../../../depot/qt/qtbase/src/corelib/kernel/qcoreapplication.h:231 #22 0x00007ffff7a99f90 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55555576fb70) at qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1648 #23 0x00007ffff7a998e6 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1502 #24 0x00007ffff7b1f621 in postEventSourceDispatch (s=0x7fffec0012d0) at qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276 #25 0x00007ffff56337d7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #26 0x00007ffff5633a40 in ?? 
() from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #27 0x00007ffff5633aec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #28 0x00007ffff7b1fe0a in QEventDispatcherGlib::processEvents (this=0x7fffec0008c0, flags=...) at qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423 #29 0x00007ffff7a950f2 in QEventLoop::processEvents (this=0x7ffff29a9c80, flags=...) at qt/qtbase/src/corelib/kernel/qeventloop.cpp:134 ---Type <return> to continue, or q <return> to quit--- #30 0x00007ffff7a95429 in QEventLoop::exec (this=0x7ffff29a9c80, flags=...) at qt/qtbase/src/corelib/kernel/qeventloop.cpp:212 #31 0x00007ffff7838a91 in QThread::exec (this=0x7ffff7ff3dc0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qt/qtbase/src/corelib/thread/qthread.cpp:507 #32 0x00007ffff7f4b895 in QDBusConnectionManager::run (this=0x7ffff7ff3dc0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qt/qtbase/src/dbus/qdbusconnection.cpp:170 #33 0x00007ffff7841000 in QThreadPrivate::start (arg=0x7ffff7ff3dc0 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qt/qtbase/src/corelib/thread/qthread_unix.cpp:368 #34 0x00007ffff6c016ca in start_thread (arg=0x7ffff29aa700) at pthread_create.c:333 #35 0x00007ffff6f200af in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105